DETAILED ACTION
Election/Restriction 

1. Restriction to one of the following inventions is required under 35 U.S.C. 121: 

I. Claims 1-21, drawn to a distributed security system, classified in class
726, subclass 1.

II. Claims 22 to 24, drawn to delegation of security credentials, classified in 
class 713, subclass 156. 

III. Claim 25, drawn to message transmission, classified in class 370, 
subclass 471. 

IV. Claims 26 to 29, drawn to secure message transmission and 
authentication, classified in class 713, subclass 170. 

V. Claims 30 to 32, drawn to data processing in distributed computing 
systems, classified in class 712, subclass 28. 

The inventions are distinct, each from the other, because of the following reasons. 

2. Inventions I, II, III, IV and V are related as combination and subcombination.
Inventions in this relationship are distinct if it can be shown that (1) the
combination as claimed does not require the particulars of the subcombination as
claimed for patentability, and (2) that the subcombination has utility by itself or in
other combinations (MPEP § 806.05(c)). In the instant case, the combination as
claimed does not require the particulars of the subcombination as claimed 
because each invention has distinct limitations, and does not depend on the 
limitations of other groups to be patentable. Furthermore, the inventions have 
separate utilities such as: 

Invention I has utility in security policy creation, enforcement and distribution.

Invention II has utility in delegation of security rights and privileges.

Invention III has utility in message transmission and delivery in heterogeneous
networks and protocols.

Invention IV has utility in message authentication.

Invention V has utility in data processing in distributed computing systems.

3. Restriction is proper due to the following reasons:

3.1 Because these inventions are distinct for the reasons given above and have 
acquired a separate status in the art as shown by their different classification, 
restriction for examination purposes as indicated is proper. 

3.2 Because these inventions are distinct for the reasons given above and the 
search required for each group is not required for any other, restriction for 
examination purposes as indicated is proper.

3.3 Because these inventions are distinct for the reasons given above and have
acquired a separate status in the art because of their recognized divergent 
subject matter, restriction for examination purposes as indicated is proper. 

Based on the reasons mentioned above, the inventions are considered to be distinct. 
Applicant is advised to include an election of invention for examination. 

4. During a telephone conversation with Charles L. Miller, the representing attorney 
of the application, on 9/9/2005 a provisional election was made with traverse to 
prosecute the invention of Group I, claims 1 to 21. Affirmation of this election 
must be made by applicant in replying to this Office action. Claims 22 to 32 are 
withdrawn from further consideration by the examiner, 37 CFR 1.142(b), as being 
drawn to a non-elected invention. 

Information Disclosure Statement PTO-1449 

5. The Information Disclosure Statement submitted by the applicant on 05/06/2002 
has been considered. Please see attachment PTO-1449.

Claim Rejections - 35 USC § 102

6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

7. Claims 1, 2, 3, and 5 to 19 are rejected under 35 U.S.C. 102(b) as being 
anticipated by Rothermel (U.S. Patent No. 6678827). 

7.1. As per claim 1, Rothermel is directed to a distributed security system (Fig. 1 and
column 4 line 63 to column 5 line 13) comprising:

a security policy written in a security policy language (column 4 line 65 to column
5 line 3) and

at least one computer device that processes the data in accordance with security
policy (Fig 2 and column 8 line 49 to 65).

7.2. As per claim 2, Rothermel is directed to the distributed security system of claim 
1, wherein: 

the security policy identifies the components of the security system (column 5 
line 14 to 25).

7.3. As per claim 3, Rothermel is directed to the distributed security system of claim
1, wherein:

the security policy identifies the access rights of the security system (column 11
line 18 to 45).

7.4. As per claim 5, Rothermel is directed to the distributed security system of claim 
1, wherein: 

the security policy is configurable (column 7 line 25 to 37). 

7.5. As per claim 6, Rothermel is directed to the distributed security system of claim 
1, wherein: 

the security policy language comprises at least some logic based components. 
As shown in Fig. 3G and column 11 line 45 to 60, the security policy creation
template allows the manager to select network security information using radio
buttons. Radio buttons correspond to XOR logic. Therefore, the Examiner
asserts that Rothermel policy templates include logic-based components.

7.6. As per claim 7, Rothermel is directed to the distributed security system of claim 
1, wherein: 

the security policy language comprises at least some rule-based components. 
As shown in Fig. 3D-F and column 11 line 9 to 45, the security policy creation
template allows the manager to set the access rules for ping services. Therefore,
the Examiner asserts that Rothermel policy templates include rule-based
components.

7.7. As per claim 8, Rothermel is directed to the distributed security system of claim 
1, wherein: 

the security policy language comprises procedural components. As shown in 
Fig. 3B and column 10 line 24 to 45, a security policy is created based on a 
procedure of using the policy template and completion of the policy by including 
network topology attributes. Therefore, the Examiner asserts that Rothermel 
policy templates include procedural components. 

7.8. As per claim 9, Rothermel is directed to the distributed security system of claim 
1, wherein: 

the computer device is configured with computer-executable instructions to: 
receive from the first entity a message formatted in a first protocol and transmit to 
second entity the message formatted in the second protocol that is different from 
the first protocol (Fig. 6 and column 13 line 30 to 67, and Fig 6 column 13 line 30 
to column 14 line 50) 

7.9. As per claim 10, Rothermel is directed to the distributed security system of claim 
9, wherein: 

the computer device is configured with computer-executable instructions to: 
receive from the first entity a message transported with a first transport; and
transmit to second entity the message formatted in the second transport that is 
different from the first transport (column 16 line 48 to 62, and Fig 6 column 13 
line 30 to column 14 line 50) 



7.10. As per claim 11, Rothermel is directed to the distributed security system of claim
1, wherein: 

the security policy is implemented in at least one application programming 
interface (column 13 line 42 to 67). 

7.11. As per claim 12, Rothermel is directed to the distributed security system of claim
1, wherein: 

the security language includes programming language constructs (column 13 line 
42 to 60). 



7.12. As per claim 13, Rothermel is directed to the distributed security system of claim
1, wherein: 

the security policy includes an identify service (Fig. 6 item 640 and column 13 
line 45 to 50).

7.13. As per claim 14, Rothermel is directed to the distributed security system of claim
1, wherein: 

the security policy includes an admission service (Fig. 6 item 630, the firewall will 
block or admit packets) 

7.14. As per claim 15, Rothermel is directed to the distributed security system of claim
1, wherein:

the security policy includes a permission service (Fig. 3d and column 11 line 9 to
15).

7.15. As per claim 16, Rothermel is directed to the distributed security system of claim
1, wherein: 

the security policy includes a revocation service. As indicated in Fig. 3F, the 
security policy can be configured to allow or disallow a user to access a certain 
service, such as Ping. Changing the policy to disallow a user to continue 
accessing a service is analogous to revocation of a right, and therefore works as 
a revocation service. 

7.16. As per claim 17, Rothermel is directed to the distributed security system of claim
1, wherein: 

the security policy includes a mapping of entities to rights. As described in Fig. 
3B and column 10 line 27 to 65, the policy is created based on security template 
and attributes of each entity. One of the attributes of each entity is its rights.
Therefore, a policy is created based on the rights of each entity. This discloses 
the feature. 

7.17. As per claim 18, Rothermel is directed to the distributed security system of claim 
17, wherein: 

the security policy further includes a mapping of entities to capabilities. As 
described in Fig. 3B and column 10 line 27 to 65, the policy is created based on 
security template and attributes of each entity. One of the attributes of each entity 
is its capabilities. Therefore, a policy is created based on the capabilities of each 
entity. This discloses the feature. 

7.18. As per claim 19, Rothermel is directed to the distributed security system of claim
1, wherein: 

the security policy is configured to invoke external computer-readable 
instructions (Fig. 6 and column 13 line 30 to 50). 

Claim Rejections - 35 USC § 103 

8. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made.

9. Claims 4, 20 and 21 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Rothermel as applied to claim 1 above, and further in view of Saulpaugh (U.S. 
Patent No. 6850979). 

9.1. As per claim 4, Rothermel is directed to the distributed security system of
claim 1, however, it does not include the specific limitation of security policy
language comprises the extensible markup language. Saulpaugh teaches a
method for creating message gates, useful for controlling the level of security
access the client has to the services (column 7 line 36 to 55). Saulpaugh
introduces the benefits of using extensible markup language (XML) to create
message gates (column 7 line 19 to 36, column 15 line 62 to column 16 line 35).

Rothermel and Saulpaugh are analogous art because they are both related to 
distributed security systems and secure exchange of data between distributed 
network elements and devices. 

At the time of invention, it would have been obvious to a skilled person in the art 
to improve the way that Rothermel distributes security policies between the 
security manager and the security devices (which in essence, is exchanging a 
message) using XML comprised message gates as directed by Saulpaugh.

The motivation to do so would have been to improve the security of policy
exchange between the security policy manager and network security devices 
using a standard message exchange language that is interoperable among 
multiple platforms. 

Therefore, it would have been obvious to use XML to create and exchange 
security policies. 

9.2. As per claim 20, Rothermel is directed to the distributed security system of claim 
19, however, it does not include the specific limitation of external computer 
readable instructions comprise native process code. Saulpaugh teaches a 
method for creating message gates, useful for invoking programs in computer 
native language (column 14 line 29 to 42). 

Rothermel and Saulpaugh are analogous art because they are both related to 
distributed security systems and secure exchange of data between distributed 
network elements and devices. 

At the time of invention, it would have been obvious to a skilled person in the art 
to improve the distributed security system of Rothermel to be capable of invoking 
programs in computer native language, as described by Saulpaugh.

The motivation to do so would have been to extend the system's range of
interoperability to include systems working with machine native language. 

9.3. As per claim 21, Rothermel is directed to the distributed security system of claim
19, however, it does not include the specific limitation of external computer 
readable instructions comprise Java code. Saulpaugh teaches a method for 
creating message gates, useful for invoking programs in Java code (column 14 
line 29 to 42). 

Rothermel and Saulpaugh are analogous art because they are both related to 
distributed security systems and secure exchange of data between distributed 
network elements and devices. 

At the time of invention, it would have been obvious to a skilled person in the art 
to improve the distributed security system of Rothermel to be capable of invoking 
programs in Java code, as described by Saulpaugh. 

The motivation to do so would have been to extend the system's range of 
interoperability to include systems working with Java code. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Farid Homayounmehr whose telephone number is 571 
272 3739. The examiner can normally be reached on 9 hrs Mon-Fri, off Monday
biweekly. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (571) 272-3799. The fax phone 
number for the organization where this application or proceeding is assigned is 
571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 



Farid Homayounmehr 





Examiner 